In ElasticSearch the user uses objects such as:
Energy Logserver manages permissions for created objects. The application already has permission groups associated with data permissions. Each user works under Role, which allows him to view the data set. We went further with this functionality, assigning Role an appropriate set of saved searches, visualizations, dashboards and patterns.
The Energy Logserver is equipped with an object management module, available for the administrative role:
By choosing the appropriate Role, we assign permissions to previously created objects.
Choosing the appropriate objects we assign them to Rola, as shown below:
Importantly, the objects are further divided by the READ / UPDATE privilege. In this example, the user will be able to use the listed objects, but he will not be able to modify them. Let's check how it works:
The user sees only one dashboard that he will not be able to modify. If we want to save the changes in the object, we must have the right UPDATE on the object.
An important object on which every user works is "pattern" for data search. This is an extremely uncomfortable object, because it has a "default pattern" setting, which in Kiban each user changes to the other. By default, "default pattern" is globans and users rearrange this setting.
We found a solution to this problem.
Objects of type "pattern" are assigned to Roles, and each user selects "default pattern" which doesn't affect this setting with another user.
Our user in the role of web can see only previously selected "patterns" and freely select for himself a comfortable "default pattern":
What gives us the management of pattern permissions: